Add ActiveSupport::MessageVerifier to aid users who need to store tamper-proof messages in cookies etc.

This is particularly useful for things like remember-me tokens in web applications and auto-unsubscribe links in emails.

1 files changed, 25 insertions, 0 deletions

diff --git a/activesupport/test/message_verifier_test.rb b/activesupport/test/message_verifier_test.rb
new file mode 100644
index 0000000000..c7ea4cb962
--- /dev/null
+++ b/activesupport/test/message_verifier_test.rb
@@ -0,0 +1,25 @@
+require 'abstract_unit'
+
+class MessageVerifierTest < Test::Unit::TestCase
+  def setup
+    @verifier = ActiveSupport::MessageVerifier.new("Hey, I'm a secret!")
+    @data = {:some=>"data", :now=>Time.now}
+  end
+  
+  def test_simple_round_tripping
+    message = @verifier.generate_message(@data)
+    assert_equal @data, @verifier.verify_message(message)
+  end
+  
+  def test_tampered_data_raises
+    data, hash = @verifier.generate_message(@data).split("--")
+    assert_not_verified("#{data.reverse}--#{hash}")
+    assert_not_verified("#{data}--#{hash.reverse}")
+  end
+  
+  def assert_not_verified(message)
+    assert_raises(ActiveSupport::MessageVerifier::InvalidSignature) do
+      @verifier.verify_message(message)
+    end
+  end
+end